Discovered: March 12, 2004
Updated: February 13, 2007 12:54:08 PM
Also Known As: PWSteal.Irftp
Type: Trojan Horse
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
Infostealer.Irftp is a Trojan horse that mimics the online interfaces of Brazilian banks to try to steal account information.
This Trojan is typically found inside a self-extracting archive with a deceptive file name (for example, "cartao.exe"). When it is executed, the archive installs the Trojan, which is usually named Ir_Ftp.exe.
NOTE: Definitions prior to May 10, 2006 may detect this threat as PWSteal.Irftp.
Symantec Security Response has received reports of customers receiving the following email, which purports to be from Symantec but actually contains a link to Infostealer.Irftp:
From (spoofed): "symantec" <symantec@net.com>
Subject: Attention - Highly dangerous virus
Message Body:
ATTENTION TO THIS SPECIAL NOTICE
If you received this message, it is because we received a complaint from your e-mail provider that your computer was infected by a virus called trjspy.pod.exe; it is high risk. For this reason we took care to alert you, and together with this message we are sending the tool so that you yourself can remove it without any difficulty. Just click on the link below and follow all the steps to remove it. When you click on the link below, the download options will appear; you can save to disk or click open, which will then run the virus removal steps.
Click on the link below and follow the removal steps ...
<<< Removal Tool >>>
This message does not come from Symantec. We advise you to delete such email if you receive it.
Protection
- Initial Rapid Release version March 13, 2004
- Latest Rapid Release version September 15, 2008 revision 038
- Initial Daily Certified version March 13, 2004
- Latest Daily Certified version September 15, 2008 revision 048
- Initial Weekly Certified release date March 13, 2004
Threat Assessment
Wild
- Wild Level: Low
- Number of Infections: 0 - 49
- Number of Sites: 0 - 2
- Geographical Distribution: Low
- Threat Containment: Easy
- Removal: Moderate
Damage
Distribution
Writeup By: Heather Shannon